It's all about IAM

Identity And Access Management - Rajiv Dewan

Catalog Search API Usage

Request Catalog Search API Usage:

public void searchCatalog(OIMClient oimClient) {
    CatalogService catalogService = oimClient.getService(CatalogService.class);
    // Match catalog items whose tag equals "Test"
    CatalogSearchCriteria catalogSearchCriteria = new CatalogSearchCriteria(CatalogSearchCriteria.Argument.TAG, "Test", CatalogSearchCriteria.Operator.EQUAL); // WORKING
    try {
        // Search with paging arguments 0 and 100, sorted ascending on the tags column
        CatalogSearchResult catalogSearchResult = catalogService.search(catalogSearchCriteria, 0, 100, CatalogConstants.CATALOG_ITEM_TAGS, SortCriteria.ASCENDING);
    } catch (Exception e) {
        e.printStackTrace();
    }
}



AD Connector Bug

I was working on the AD Connector with OIM and I found that whenever we run Target Reconciliation, it doesn't update the last modify timestamp.


It occurs when you create multiple jobs for AD Target Reconciliation schedulers.


I did some debugging and found that the AD Connector contains a method called updateMTS( ) which is responsible for updating the Time Stamp attribute of that Schedule Job.

In this method, the developers did a search based on the Schedule Task Attribute Name (ADCS TimeStamp). It returns a resultset.
The developers iterated over the resultset and, whichever schedule job comes first in the resultset, they update that Schedule Job (the first Schedule Job in the resultset).

This issue occurs when you create multiple jobs for that Schedule Task, because if you have only one job then the resultset will return only one row and the code will work fine.


  1. It has a huge impact on performance and on the size of the database: if you have multiple jobs for multiple AD servers, it will do a FULL RECONCILIATION every time. This affects server performance as well as the OIM database.
  2. Every time, it updates the first job that comes in the resultset. Suppose you are running Job1 now, but it updates the Time Stamp for Job2. When Job2 runs, it will pick up only the users who were modified after that updated timestamp (of Job1), which means Job2 will miss all the updates from AD for that period, which leads to an audit issue.

Multiple threads are there on Metalink, but those threads were different from my issue.
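
The timestamp mix-up described above, reduced to a self-contained Java model. This is an added example, not the connector's code: the map, job names and times are constructed, and no OIM API is used.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Constructed model: each map entry is one scheduled job of the same task,
// keyed by job name, holding that job's "ADCS TimeStamp" value.
class ReconTimestampDemo {

    // Behaviour described in the post: update whichever job is first in the result set.
    static void updateFirstRow(Map<String, Long> resultSet, String runningJob, long now) {
        String firstJob = resultSet.keySet().iterator().next();
        resultSet.put(firstJob, now);
    }

    // Scoped alternative: update only the job that has just run.
    static void updateRunningJob(Map<String, Long> resultSet, String runningJob, long now) {
        if (!resultSet.containsKey(runningJob)) {
            throw new IllegalArgumentException("unknown job: " + runningJob);
        }
        resultSet.put(runningJob, now);
    }

    // The search happens to return Job2 before Job1; both start with no timestamp (0).
    static Map<String, Long> searchByAttributeName() {
        Map<String, Long> rows = new LinkedHashMap<>();
        rows.put("Job2", 0L);
        rows.put("Job1", 0L);
        return rows;
    }

    static String report(String label, Map<String, Long> jobs, long changeInJob2Directory) {
        boolean job1FullReconAgain = jobs.get("Job1") == 0L;   // stamp never advanced
        boolean job2MissesChange = changeInJob2Directory <= jobs.get("Job2");
        return String.format("%-16s %s | Job1 full recon again: %b | Job2 misses change: %b",
                label, jobs, job1FullReconAgain, job2MissesChange);
    }

    public static void main(String[] args) {
        long changeInJob2Directory = 50L; // constructed: user modified at t=50 in Job2's AD
        Map<String, Long> buggy = searchByAttributeName();
        updateFirstRow(buggy, "Job1", 100L);     // Job1 finishes at t=100
        Map<String, Long> scoped = searchByAttributeName();
        updateRunningJob(scoped, "Job1", 100L);
        System.out.println(report("first-row update", buggy, changeInJob2Directory));
        System.out.println(report("per-job update", scoped, changeInJob2Directory));
    }
}
```

Comparing each job's stored timestamp with the end time of its own last run is a quick way to spot the same drift on a live system.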

OIM 11g R2 Interview Questions

More OIM Questions:


Basic Oracle Identity Manager Interview Questions

  • Difference between OIM 11g R1 and OIM 11g R2?
  • Difference between OIM 10g and OIM 11g R2?
  • What is Request Catalog?
  • What is Request Profile?
  • Difference between Application Instance and Resource Object?
  • What are Admin Roles?
  • Experience with UI Customization in OIM 11g R2?
  • Experience with ICF Connector?
  • Experience in upgrading an existing OIM implementation to OIM 11g R2?
  • List of connectors which you have worked on?
  • High-level steps for a Custom Connector?
  • What are Archival Utilities?
  • How do you hide Admin Links for End Users from Identity Console?
  • What are the factors which one should keep in mind for an upgrade project?
  • How will you plan an upgrade project?



Use Case:

I have integrated some targets with OIM 11g R2. Everything worked fine and the user got provisioned into the target application without any error. My connector has a Process Form as well as an Application Instance Form.

Things are good so far. 

I want to see the process form data attached to that particular provisioning instance. I searched for the user, saw his attributes, went to the Applications tab and saw the application instances provisioned to that user.

When I select my Application Instance, I can see some data on the screen, but that is coming from the Application Instance Form. I want to see the data which is there in the Process Form because the process form has a few extra fields.

I am not able to see any link/tab to view that data.

Possible Outcomes:

It could be a:


Am I making a mistake or following the wrong steps to view/edit Process Form data? I followed the same steps which I used to follow in OIM 10g/11g.


It could be an enhancement, but I don't think so: it is a common requirement, so we can't call it an enhancement either.


If it is a bug then 

WOW !!!

Getting API Instance in OIM 11g R2

Getting OIMClient in Oracle Identity Manager 11g R2

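public void getOIMCLient() {
    OIMClient oimClient = null;
    System.setProperty("APPSERVER_TYPE", "wls");
    // Sample credentials only; read real ones from a protected store instead of hard-coding them
    final String USERNAME = "xelsysadm";
    final String PASSWORD = "Password12";

    final String PROVIDER_URL = "t3://OIMHOST:OIMPORT/identity";
    final Hashtable<String, String> env = new Hashtable<String, String>();

    try {
        env.put("APPSERVER_TYPE", "wls");
        // JNDI settings the client needs to reach the OIM server
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, PROVIDER_URL);
        oimClient = new OIMClient(env);
        oimClient.login(USERNAME, PASSWORD.toCharArray());
        System.out.println("oimClient :: " + oimClient);
    } catch (Exception e) {
        e.printStackTrace();
    }
}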

ICF: Identity Connector Framework

When Oracle introduced ICF in OIM 11g R1 PS1, a few questions might have come to everyone’s mind:
  1. What is ICF?
  2. How is it related to OIM?
  3. Where will we use it?
  4. Why should we use it?
  5. Would it be hard to build?
  6. Would it be hard to learn?

The same questions came to my mind as well. After a couple of months, I finally got some time to write a blog entry on this.

ICF is nothing but the Identity Connector Framework. It’s not a new name in the world of information technology. It’s a connector (not exactly a connector itself; we can call it a methodology) which can be used to integrate separate applications together or to build different connectors for different target systems. It is an independent piece of code which can be used anywhere.
It has two parts, the Connector SPI and the Connector API. The SPI consists of different interfaces which can be implemented when we build ICF APIs.

In OIM, we have to write different custom connectors for Provisioning and Reconciliation. We can leverage ICF features to create a custom connector with less effort. A few OOTB connectors are also available with ICF, such as GoogleApps, Database User Management, OID, OUD etc.

It takes much less time to build a custom connector compared to our legacy methods. It comes with other benefits as well, which I am going to explain in a separate blog entry. Nothing is hard to learn; it’s just a matter of time. I am sure when you start using it, you’ll love it, as it saves so much time while building the OIM components.